DHCP server on AironetAP 3602 - Page 2

fryfenchie · ‎08-10-2024

Hello all i have i have this AP AIR-CAP3602I-N-K9
that was lightweight but i have flashed it as standalone now. Thing i am trying now is to create a dhcp pool which is used to asing ips to wifi client i created a pool with network address and other details but radio still isnt providing the ip to the clients
another issues my office has 10.x.x.x.x network from which one ip is available that i have assinged to the ap on bv1 interface and i want my wifi client to have 192.168.1.0 network since i dont have any more ip on 10x network
but the main question is after creating the pool how do i apply it ? like do i only have to just create the pool and ap automatically takes it ? cause its not i have also tried to attach the pool to interface but its not working either.
please shed some light
cheers,

here is the config
ip dhcp excluded-address 192.168.1.1 192.168.1.20
!
ip dhcp pool NKN
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
lease 10
!
!
!
!
dot11 syslog
dot11 vlan-name NKN vlan 10
!
dot11 ssid NKN
vlan 2
authentication open
guest-mode
!
!
dot11 wpa handshake timeout 1000
dot11 network-map
!
!
!
!
!
bridge irb
!
!
!
interface Dot11Radio0
no ip address
!
encryption mode ciphers aes-ccm
!
ssid NKN
!
antenna gain 0
stbc
speed basic-1.0 basic-2.0 basic-5.5 basic-11.0 6.0 9.0 12.0 18.0 24.0 36.0 48.0 54.0 m0. m1. m2. m3. m4. m5. m6. m7. m8. m9. m10. m11. m12. m13. m14. m15. m16. m17. m18. m19. m20. m21. m22. m23.
station-role root access-point
dot11 dot11r pre-authentication over-air
no cdp enable
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
!
interface Dot11Radio0.1
!
interface Dot11Radio0.2
encapsulation dot1Q 2
!
interface Dot11Radio1
no ip address
shutdown
!
ssid NKN
!
antenna gain 0
peakdetect
no dfs band block
stbc
channel dfs
station-role root
no cdp enable
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
!
interface Dot11Radio1.2
!
interface Dot11Radio1.21
encapsulation dot1Q 2
bridge-group 254
bridge-group 254 subscriber-loop-control
bridge-group 254 spanning-disabled
bridge-group 254 block-unknown-source
no bridge-group 254 source-learning
no bridge-group 254 unicast-flooding
!
interface GigabitEthernet0
ip address dhcp
duplex auto
speed auto
bridge-group 1
bridge-group 1 spanning-disabled
no bridge-group 1 source-learning
!
interface GigabitEthernet0.2
encapsulation dot1Q 2
bridge-group 2
bridge-group 2 spanning-disabled
no bridge-group 2 source-learning
!
interface GigabitEthernet0.21
!
interface BVI1
mac-address 442b.03a9.8f79
ip address 10.154.2.60 255.255.255.0
ipv6 address dhcp
ipv6 address autoconfig
no routing dynamic
!
interface BVI10
ip address dhcp
!
ip default-gateway 10.154.2.1
ip forward-protocol nd
ip http server
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
ip route 0.0.0.0 0.0.0.0 Dot11Radio0
!
!
bridge 1 route ip
!
!
!
line con 0
line vty 0 4
login local
transport input all
!
end

fryfenchie · ‎08-10-2024

nah still not working
no aaa new-model
no ip source-route
no ip cef
ip dhcp excluded-address 192.168.1.1 192.168.1.10
!
ip dhcp pool NKN
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
!
!
!
!
dot11 syslog
!
dot11 ssid Cisco
authentication open
guest-mode
ip redirection host 10.154.2.60
!
!
dot11 wpa handshake timeout 1000
!
!
!

!
!
bridge irb
!
!
!
interface Dot11Radio0
no ip address
shutdown
antenna gain 0
station-role root
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
!
interface Dot11Radio1
no ip address
!
ssid Cisco
!
antenna gain 0
peakdetect
no dfs band block
stbc
channel dfs
station-role root access-point
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
!
interface GigabitEthernet0
ip address 10.154.2.60 255.255.255.0
duplex auto
speed auto
bridge-group 1
bridge-group 1 spanning-disabled
no bridge-group 1 source-learning
!
interface BVI1
mac-address 442b.03a9.8f79
ip address 192.168.1.1 255.255.255.0
ipv6 address dhcp
ipv6 address autoconfig
ipv6 enable
!
ip forward-protocol nd
ip http server
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
!
!
bridge 1 route ip
no bridge 1 bridge ip
no bridge 1 acquire
!
!
!
line con 0
line vty 0 4
login local
transport input all
!
end

so the scenario is i have intere net one 10 ip only one and i want to broad cast it using this extra ap i cant use my infrastructure dhcp because we dont have any more ips left so i made my own private ip pool.

RxTx · ‎08-10-2024

Did you enabled DNS for wifi clients ?

ip name-server server-address1 [server-address2 ... server-address6]

Specify the address of one or more name servers to use for name and address resolution.
You can specify up to six name servers. Separate each server address with a
space. The first server specified is the primary server. The wireless device sends
DNS queries to the primary server first. If that query fails, the backup servers
are queried.

ip domain-lookup(Optional)

Enable DNS-based host name-to-address translation on the wireless
device. This feature is enabled by default.
If your network devices require connectivity with devices in networks for which
you do not control name assignment, you can dynamically assign device names
that uniquely identify your devices by using the global Internet naming scheme
(DNS).

fryfenchie · ‎08-10-2024

i dint configured dns but my wifi client should find the 10 network but they cant its say no route to host so i doubt its about dns

marce1000 · ‎08-10-2024

- I have already replied on that topic;( repeating that reply)

>... its say no route to host
- For starters it is probably better
to use another address range then 192.168.x.x because those are link local addresses , and can indicate
that the client did not receive a DHCP address at all!!

So : 1) Use another address range for the wireless clients such as another 10.x subnet
2) If there must be communication with the wired clients (intranet) then the different vlans (subnets) must
support inter-routing 'towards' each other ,

M.

-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

RxTx · ‎08-10-2024

So in your case, since you can't set up the existing infrastructure in the data center, you need a home internet router with NAT support first in front of the AP... if it also has WiFI, you can ditch the AP 3602.

What you want to do it is to make invisible you'r wifi clients inside datacenter infrastructure because it will not allow traffic from other IP addresses and just to use connectivity to go on internet and the home internet router in front will do that.

you config that device with Fix or DHCP IP from datacenter infrastructure LAN on WAN side and on LAN and WiFi side how you want.

Rich R · ‎08-11-2024

What you are trying to do is not possible with an autonomous AP. You need a router.
You are trying to join wireless clients on the 192.168.x.x subnet, then NAT and route the client traffic through a single 10.x.x.x IP address. That requires NAT overload (PAT) and routing on a router. The AP IOS does not support that capability.

------------------------------
Please click Helpful if this post helped you and Select as Solution (drop down menu at top right of this reply) if this answered your query.
------------------------------
TAC recommended codes for AireOS WLC's and TAC recommended codes for 9800 WLC's
Best Practices for AireOS WLC's, Best Practices for 9800 WLC's and Cisco Wireless compatibility matrix
Check your 9800 WLC config with Wireless Config Analyzer using "show tech wireless" output or "config paging disable" then "show run-config" output on AireOS and use Wireless Debug Analyzer to analyze your WLC client debugs
Field Notice: FN63942 APs and WLCs Fail to Create CAPWAP Connections Due to Certificate Expiration
Field Notice: FN72424 Later Versions of WiFi 6 APs Fail to Join WLC - Software Upgrade Required
Field Notice: FN72524 IOS APs stuck in downloading state after 4 Dec 2022 due to Certificate Expired
- Fixed in 8.10.196.0, latest 9800 releases, 8.5.182.12 (8.5.182.13 for 3504) and 8.5.182.109 (IRCM, 8.5.182.111 for 3504)
Field Notice: FN70479 AP Fails to Join or Joins with 1 Radio due to Country Mismatch, RMA needed
How to avoid boot loop due to corrupted image on Wave 2 and Catalyst 11ax Access Points (CSCvx32806)
Field Notice: FN74035 - Wave2 APs DFS May Not Detect Radar After Channel Availability Check Time
Leo's list of bugs affecting 2800/3800/4800/1560 APs
Default AP console baud rate from 17.12.x is 115200 - introduced by CSCwe88390